From 1b9877807f5a4e6d92cb333839994c0bc2176daa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Emanuel=20Garc=C3=AAs?=
Date: Fri, 11 Feb 2022 19:08:29 +0000
Subject: [PATCH] Added proper escaping to the http_referer
---
 Pages/Page.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Pages/Page.php b/Pages/Page.php
index 9df9a7f7c..20db7f1ca 100644
--- a/Pages/Page.php
+++ b/Pages/Page.php
@@ -168,7 +168,7 @@ public function RedirectToError($errorMessageId = ErrorMessages::UNKNOWN_ERROR,
 public function GetLastPage($defaultPage = '')
 {
- $referer = getenv("HTTP_REFERER");
+ $referer = filter_var(getenv("HTTP_REFERER"), FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 if (empty($referer)) {
 return empty($defaultPage) ? Pages::LOGIN : $defaultPage;
 }
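Review bot: The new `filter_var(..., FILTER_SANITIZE_FULL_SPECIAL_CHARS)` call in `GetLastPage` HTML-encodes the Referer when it is read rather than where it is output, so the value is only safe in an HTML context and is altered for every other use. Because that filter behaves like `htmlspecialchars()` with `ENT_QUOTES`, `&` in a query string becomes `&amp;`; if the return value ends up in a redirect or link target (the rest of the function lies outside the hunk, so that is inferred from the name), multi-parameter URLs break, and a template that escapes again will double-encode. The filter also leaves scheme and host untouched, so an off-site or non-http referer still passes through; a check such as `if (!in_array(parse_url($referer, PHP_URL_SCHEME), ['http', 'https'], true)) { $referer = ''; }` plus a same-host comparison would address that, with `htmlspecialchars($referer, ENT_QUOTES, 'UTF-8')` applied at the point of output instead. A short comment stating which context the returned string is safe for would help callers.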